Hi.
We're currently using CVS 1.10 on GNU/Linux platform, with ssh as
CVS_RSH connection method.
Our repository contains a rwxrwsr-x CVSROOT directory, in order to let
everybody create lock files (every developper belongs to the group
owning CVSROOT).
This is problematic since we don't want everybody to be able to commit
changes into CVSROOT , which is possible with the current right of
CVSROOT : even if we write-protect individual files in CVSROOT, there
are nevertheless changed (deleted/re-created ?) after a user has
commited them.
We plan to use the LockDir option of CVSROOT/config to have locks
created in a different directory than CVSROOT.
Then we can write-protect CVSROOT and make it, for instance rwxr-xr-x,
which prevents anybody but the owner to commit any modifications to it.
I have several questions though :
- is this a good way to secure the CVS system (ssh handles privileges,
then individual repository directories use unix groups for protection,
and CVSROOT can only be modified by the admin) ?
- which files have to remain writable inside CVSROOT (thinking to
history, val-tags) ?
- what exact compatibility problems exist between V1.9/V1.10 of CVS
about this LockDir option (the documentation is not very clear as if it
is a problem with CVS clients versions, or migrating the repository to a
downgraded server version, etc.) ?
Btw, I have been poorly lucky when looking for information about
securing the repository, and found very few details about this way of
protecting CVSROOT. I think that it may be because many people use CVS
with pserver, but anyway, I suggest that maintainers of CVS
documentation / sites add a detailed section on this security problem /
solution, if it is the right one ;)...
Thanx in advance for your help.
--
Olivier BERGER IDEALX S.A.S.
D�veloppeur senior 15-17, av. de S�gur
01.44.42.00.00 F-75007 PARIS
06.81.27.86.79 http://IDEALX.com/
